CLOUDP-295785 - using build_info.json in new atomic pipeline (#317)

# Summary

This PR focuses on using `build_info.json` information in
`atomic_pipeline.py` code. The logic is mostly hidden in
`image_build_config_from_args` function. It is binding the parts from:
- #303 - atomic
pipeline for building images
- #307 -
`build_info.json` with information for building images

[Section in Atomic Releases
TD](https://docs.google.com/document/d/1eJ8iKsI0libbpcJakGjxcPfbrTn8lmcZDbQH1UqMR_g/edit?tab=t.p76ry15gwmkk#heading=h.23xqxc1qypvb)
that describes the `build_info.json` and how it is used in the image
building process.

- Added signing configuration in `build_info.json`
- Added missing `meko-tests` and `mco-tests` images in `build_info.json`
- Added configuration for `agent` and `ops-manager` images in
`build_info.json`
- Moved `images_signing.py` from `scripts/evergreen/release`
- Simplifications in the existing code

## Proof of Work

CI tests passing + updated unit tests

## Checklist

- [ ] Have you linked a jira ticket and/or is the ticket in the title?
- [ ] Have you checked whether your jira ticket required DOCSP changes?
- [ ] Have you added changelog file?
    - use `skip-changelog` label if not needed
- refer to [Changelog files and Release
Notes](https://github.com/mongodb/mongodb-kubernetes/blob/master/CONTRIBUTING.md#changelog-files-and-release-notes)
section in CONTRIBUTING.md for more details

---------

Co-authored-by: Julien Benhaim <[email protected]>

Author: MaciejKaras

.evergreen.yml

@@ -423,15 +423,15 @@ tasks:
       - func: build_multi_cluster_binary
       - func: pipeline
         vars:
-          image_name: test
+          image_name: meko-tests
 
   - name: build_mco_test_image
     commands:
       - func: clone
       - func: setup_building_host
       - func: pipeline
         vars:
-          image_name: mco-test
+          image_name: mco-tests
 
   - name: build_operator_ubi
     commands:

Makefile

@@ -60,7 +60,7 @@ precommit:
 	@ .githooks/pre-commit
 
 precommit-with-licenses:
-	@ MDB_UPDATE_LICENSE=true .githooks/pre-commit
+	@ MDB_UPDATE_LICENSES=true .githooks/pre-commit
 
 switch:
 	@ scripts/dev/switch_context.sh $(context) $(additional_override)

build_info.json

@@ -1,86 +1,94 @@
 {
   "images": {
-    "mongodbOperator": {
+    "operator": {
       "patch": {
         "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-kubernetes",
         "platforms": [
           "linux/amd64"
         ]
       },
       "staging": {
-        "repository": "quay.io/mongodb/mongodb-kubernetes-stg",
+        "sign": true,
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-kubernetes",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       },
       "release": {
+        "sign": true,
         "repository": "quay.io/mongodb/mongodb-kubernetes",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       }
     },
-    "initDatabase": {
+    "init-database": {
       "patch": {
         "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-kubernetes-init-database",
         "platforms": [
           "linux/amd64"
         ]
       },
       "staging": {
-        "repository": "quay.io/mongodb/mongodb-kubernetes-init-database-stg",
+        "sign": true,
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-kubernetes-init-database",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       },
       "release": {
+        "sign": true,
         "repository": "quay.io/mongodb/mongodb-kubernetes-init-database",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       }
     },
-    "initAppDb": {
+    "init-appdb": {
       "patch": {
         "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-kubernetes-init-appdb",
         "platforms": [
           "linux/amd64"
         ]
       },
       "staging": {
-        "repository": "quay.io/mongodb/mongodb-kubernetes-init-appdb-stg",
+        "sign": true,
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-kubernetes-init-appdb",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       },
       "release": {
+        "sign": true,
         "repository": "quay.io/mongodb/mongodb-kubernetes-init-appdb",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       }
     },
-    "initOpsManager": {
+    "init-ops-manager": {
       "patch": {
         "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-kubernetes-init-ops-manager",
         "platforms": [
           "linux/amd64"
         ]
       },
       "staging": {
-        "repository": "quay.io/mongodb/mongodb-kubernetes-init-ops-manager-stg",
+        "sign": true,
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-kubernetes-init-ops-manager",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       },
       "release": {
+        "sign": true,
         "repository": "quay.io/mongodb/mongodb-kubernetes-init-ops-manager",
         "platforms": [
           "linux/arm64",
@@ -96,65 +104,148 @@
         ]
       },
       "staging": {
-        "repository": "quay.io/mongodb/mongodb-kubernetes-database-stg",
+        "sign": true,
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-kubernetes-database",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       },
       "release": {
+        "sign": true,
         "repository": "quay.io/mongodb/mongodb-kubernetes-database",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       }
     },
-    "readinessprobe": {
+    "meko-tests": {
+      "patch": {
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-kubernetes-tests",
+        "platforms": [
+          "linux/amd64"
+        ]
+      },
+      "staging": {
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-kubernetes-tests",
+        "platforms": [
+          "linux/amd64"
+        ]
+      }
+    },
+    "mco-tests": {
+      "patch": {
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-community-tests",
+        "platforms": [
+          "linux/amd64"
+        ]
+      },
+      "staging": {
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-community-tests",
+        "platforms": [
+          "linux/amd64"
+        ]
+      }
+    },
+    "readiness-probe": {
       "patch": {
         "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-kubernetes-readinessprobe",
         "platforms": [
           "linux/amd64"
         ]
       },
       "staging": {
-        "repository": "quay.io/mongodb/mongodb-kubernetes-readinessprobe-stg",
+        "sign": true,
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-kubernetes-readinessprobe",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       },
       "release": {
         "version": "1.0.22",
+        "sign": true,
         "repository": "quay.io/mongodb/mongodb-kubernetes-readinessprobe",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       }
     },
-    "operator-version-upgrade-post-start-hook": {
+    "upgrade-hook": {
       "patch": {
         "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-kubernetes-operator-version-upgrade-post-start-hook",
         "platforms": [
           "linux/amd64"
         ]
       },
       "staging": {
-        "repository": "quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook-stg",
+        "sign": true,
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-kubernetes-operator-version-upgrade-post-start-hook",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       },
       "release": {
         "version": "1.0.9",
+        "sign": true,
         "repository": "quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook",
         "platforms": [
           "linux/arm64",
           "linux/amd64"
         ]
       }
+    },
+    "agent": {
+      "patch": {
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-agent-ubi",
+        "platforms": [
+          "linux/amd64"
+        ]
+      },
+      "staging": {
+        "sign": true,
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-agent-ubi",
+        "platforms": [
+          "linux/arm64",
+          "linux/amd64"
+        ]
+      },
+      "release": {
+        "sign": true,
+        "repository": "quay.io/mongodb/mongodb-agent-ubi",
+        "platforms": [
+          "linux/arm64",
+          "linux/amd64"
+        ]
+      }
+    },
+    "ops-manager": {
+      "patch": {
+        "version": "om-version-from-release.json",
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-enterprise-ops-manager",
+        "platforms": [
+          "linux/amd64"
+        ]
+      },
+      "staging": {
+        "version": "om-version-from-release.json",
+        "sign": true,
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/mongodb-enterprise-ops-manager",
+        "platforms": [
+          "linux/amd64"
+        ]
+      },
+      "release": {
+        "version": "om-version-from-release.json",
+        "sign": true,
+        "repository": "quay.io/mongodb/mongodb-enterprise-ops-manager",
+        "platforms": [
+          "linux/amd64"
+        ]
+      }
     }
   },
   "binaries": {
@@ -166,6 +257,7 @@
         ]
       },
       "staging": {
+        "sign": true,
         "s3-store": "s3://kubectl-mongodb/staging",
         "platforms": [
           "darwin/amd64",
@@ -175,6 +267,7 @@
         ]
       },
       "release": {
+        "sign": true,
         "s3-store": "s3://kubectl-mongodb/prod",
         "platforms": [
           "darwin/amd64",
@@ -191,9 +284,11 @@
         "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/helm-charts"
       },
       "staging": {
-        "repository": "quay.io/mongodb/helm-charts-stg"
+        "sign": true,
+        "repository": "268558157000.dkr.ecr.us-east-1.amazonaws.com/staging/helm-charts"
       },
       "release": {
+        "sign": true,
         "repository": "quay.io/mongodb/helm-charts"
       }
     }

docker/mongodb-community-tests/Dockerfile

@@ -6,9 +6,7 @@
 #
 # Ref: https://cryptography.io/en/latest/installation/#building-cryptography-on-linux
 #
-ARG GOLANG_VERSION
-
-FROM public.ecr.aws/docker/library/golang:${GOLANG_VERSION} as builder
+FROM public.ecr.aws/docker/library/golang:1.24 as builder
 
 ENV GO111MODULE=on
 ENV GOPATH ""

pipeline.py

@@ -46,12 +46,12 @@
     get_supported_operator_versions,
     get_supported_version_for_image_matrix_handling,
 )
-from scripts.evergreen.release.images_signing import (
+from scripts.evergreen.release.sbom import generate_sbom, generate_sbom_for_cli
+from scripts.release.build.image_signing import (
     mongodb_artifactory_login,
     sign_image,
     verify_signature,
 )
-from scripts.evergreen.release.sbom import generate_sbom, generate_sbom_for_cli
 
 TRACER = trace.get_tracer("evergreen-agent")
 

pipeline_test.py

@@ -14,7 +14,7 @@
     is_version_in_range,
     operator_build_configuration,
 )
-from scripts.evergreen.release.images_signing import run_command_with_retries
+from scripts.release.build.image_signing import run_command_with_retries
 
 release_json = {
     "supportedImages": {